Workterra Jira

Project Simple / ST-256

SQL Injection : Block use of OR condition as input with quote


    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: None
    • Labels: None
    • Module: BenAdmin - Security
    • Reported by: Harbinger
    • Item State: Development - Ready for Local Testing
    • Issue Importance: Must Have

      Description

      When we add input on the notes category like asdf' or '1'='1, the category is getting added successfully.

      We should block use of OR with '. It should show the SQL injection character message.

          Activity

          vijayendra Vijayendra Shinde (Inactive) added a comment - 01/Aug/16 07:10 AM

          Affected files:
          1. trunk\WORKTERRAweb\Web\SharedFunctionWebTier\SharedFunctionWebTier\Modules\CustomModelBinder.cs

          2. trunk\WORKTERRAweb\Web\Web Projects\Web.config

          We have added a new tag in the config which will decide whether we need to validate the OR condition or not. This tag is added to give flexibility of use of OR in input.

          <add key="ValidateOROperatorForSQLInjection" value="true" />

          vijayendra Vijayendra Shinde (Inactive) added a comment - 22/Aug/16 06:54 AM

          Duplicate with : WT-3873: Verify OR logical condition with single quote for SQL Injection
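
An added example (not from the ticket or the Workterra code base), in Python with an in-memory SQLite table so it runs offline: it approximates the quote-plus-OR rule behind the ValidateOROperatorForSQLInjection setting and stores the same input through a bound parameter. The regex, the notes_category table and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed approximation of the ticket's rule: a single quote followed by OR.
QUOTE_THEN_OR = re.compile(r"'\s*or\b", re.IGNORECASE)


def violates_or_rule(value, validate_or=True):
    """Return True when the input should be rejected.

    validate_or stands in for the ValidateOROperatorForSQLInjection setting.
    """
    return validate_or and bool(QUOTE_THEN_OR.search(value))


def make_db():
    # Hypothetical table standing in for the notes category store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes_category (id INTEGER PRIMARY KEY, name TEXT)")
    return db


def add_category(db, name):
    # Bound parameter: the driver sends `name` as a value, never as SQL text.
    db.execute("INSERT INTO notes_category (name) VALUES (?)", (name,))


def find_category(db, name):
    rows = db.execute("SELECT name FROM notes_category WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo():
    ticket_input = "asdf' or '1'='1"                  # input quoted in the description
    ordinary_text = "Parents' or guardians' consent"  # constructed sample
    db = make_db()
    add_category(db, "Benefits")                      # constructed sample row
    add_category(db, ticket_input)
    return {
        "ticket_input_rejected": violates_or_rule(ticket_input),
        "ordinary_text_rejected": violates_or_rule(ordinary_text),
        "rejected_with_setting_off": violates_or_rule(ticket_input, validate_or=False),
        # With binding, the lookup matches only the literal string, not every row.
        "rows_matching_ticket_input": find_category(db, ticket_input),
    }


if __name__ == "__main__":
    print(demo())
```

The ordinary-text sample is rejected too, the kind of false positive the setting lets a deployment avoid; the bound parameter treats the input as data whether or not the rule is enabled.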


            People

            Assignee: Unassigned
            Reporter: vijayendra Vijayendra Shinde (Inactive)
            Developer: Vijayendra Shinde (Inactive)
            Votes: 0
            Watchers: 1

            Dates

            Created: 01/Aug/16 07:00 AM
            Updated: 22/Aug/16 06:54 AM